Charter establishing the principles governing the access to APPEL APPEL is the application for electronic exchange of information between DG ECHO and its partners (NGOs, International Organizations, and United Nations Organizations). It is used by DG ECHO partners to update data relating to their organisations and to manage projects submitted through the eSingle Form. APPEL is also used by organisations willing to become a DG ECHO partners to submit an application for partnership. Connection to APPEL is possible using the ECAS user account. ECAS, the “European Commission Authentication System” is a system aiming at facilitating the communication between the European Commission and external organisations. It allows these organisations to access and manage safely different protected databases of the European Commission with a unique username and password per person. It is the responsibility of each organisation using APPEL to manage its own user rights: creation, modification and deletion. DG ECHO will grant only access to the user Right Administrators, who will manage all APPEL users inside the organisation. This responsibility is governed by the principles mentioned below: There are five types of permissions/rights: The reader role only allows the user to consult information in APPEL. The user cannot encode, modify or send data to ECHO. The Administrative role is needed to be authorized to modify the organisation's administrative data. With the administrative role, you cannot manage E-requests. The Encoder role grants the right to encode or modify E-requests in APPEL in addition to the consultation of all available information. The Sender role makes it possible to send E-requests to ECHO. It also includes the same capability as the Encoder role. The sender access is the most important one, the sender validates the accuracy of the data and engages the responsibility of the organisation. It is recommended to have 2 senders in case of absence of one of them. The User Rights Administrator role allows the user to manage the APPEL user rights of the other members of the organisation. User Right Administrators are playing a key role as they are the persons designated by the organisation to grant the access to the staff members and to co-ordinate with DG ECHO the implementation of user rights related to APPEL. There is no limit in the number of users having these rights. As many users as necessary can be created depending on the internal needs. It is advisable to keep the number of users within reasonable limits, on the one hand, to assure continuity of operations and, on the other hand, to guarantee data quality and coherence. One user can have several rights. The User Rights Administrator will have two ways for managing user rights. Either he/she waits until a user requests some rights for using APPEL, or he/she gives proactively user rights to staff members of the organisation. The access granted should be in accordance with the organisation internal rules. The assignment of rights should be documented and retained for purpose of monitoring. The User Rights administrator should update regularly the list of users. When a person leaves the organisation, the user’s profile has to be deleted. All users who are granted access to the system should use their access only for the purposes intended and should only act according to the roles and responsibilities and access rights given to them and according to their work assignments. The organisation should establish a procedure to ensure that the access rights granted to his/her staff are still entirely in line with the tasks delegated to them. Users are required to conform to the rules and responsibilities set out in the organisation’s internal rules or contractual provisions. Users will act according to the instructions given to them and they shall report all problems within the system which they may discover during their work to a User Right Administrator, who will coordinate with DG ECHO on further follow-up. Users should not reveal their password under any circumstances. The only exception allowed is in case remote assistance is required from specialised personnel not disposing of screen capture software and not located in the same building. After such assistance, the user shall immediately change his password. Where passwords are made known to other persons, the password owner is responsible for the actions undertaken with their username / password. The Commission declines all responsibility for the accuracy of information supplied in APPEL by DG ECHO Partners. The data collected is only accessible outside the Commission by people authorised by the User Rights Administrator of the concerned organisation. Inside the Commission, the data can be accessed by designated Commission representatives using a UserID and a password. Protection of personnel data is regulated by Regulation (EC) N°45/2001 of the European Parliament and the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the European Union institutions and bodies and on the free movement of such data. I ……………………….. (name, function1) hereby declare that I accept the conditions set out in this Charter and that I received a copy of it. Signed on ……………., at …………………………….. Name: …………………… e-mail/username: ………………………………… Signature: ……………………………. 1 This charter has mandatory to be signed by the User Rights administrators and a copy sent to DG ECHO (email echo-appel@ec.europa.eu ). It is good practice that such charter is also signed by all concerned users who are granted access to APPEL inside the organisation. It is the organisation's responsibility to assure that their users are aware of their obligations and responsibilities and these documents have not to be sent to ECHO for these categories of users. DECLARATION RELATED TO THE USER RIGHTS ADMINISTRATOR(S) I, the undersigned, …………………………………………., [name], [title]2, declare that the person(s) mentioned below has/have been nominated as the APPEL User Rights administrator(s) for …………………………………………[Organisation's name], registered at …………………………………………………………..[address] Create Delete 3: ……………….. [name] – [function] 4 ………………… [username/ email address] 5 ………………… [signature for acceptance in case of creation] Create Delete 3: ……………….. [name] – [function] ………………… [username/ email address] ………………… [signature for acceptance in case of creation] Create Delete 3: ……………….. [name] – [function] ………………… [username/ email address] ………………… [signature for acceptance in case of creation] My organisation accepts all responsibilities for the accesses done by user rights attributed by one of the above created user right administrators In case the accesses of User Right Administrators have to be changed, I will notify DG ECHO immediately of the needed changes. Signed on ……………., at …………………………….. Name2: ………………………………………… username: ……………………….. Signature: …………….. 2 Legal representative of the Partner's organisation 3 Please tick mandatory one of both options 4 With his/her signature the person agrees to take the role as user right administrator for that organisation 5 Please provide the email address that will be used to connect to APPEL/ECAS